Skip to main content

Gmail update will go some way to eliminating phishing once and for all

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock )
Audio player loading…

The days of cybercriminals using spoofed logos and lookalike email addresses to trick unsuspecting users into falling for phishing scams (opens in new tab) could soon be over as Google is adding a new security feature to Gmail (opens in new tab) to make it harder to impersonate brands over email.

While the search giant announced last year that it would begin its Brand Indicators for Message Identification (BIMI (opens in new tab)) pilot, in a new blog post (opens in new tab) the company has said that it will begin rolling out BIMI support in Gmail over the coming weeks.

For those unfamiliar, BIMI is an industry standard that aims to drive adoption of strong sender authentication for the entire email (opens in new tab) ecosystem. It does this by providing email recipients as well as email security systems with increased confidence in the source of emails to prevent impersonation attempts.

BIMI Logos in Gmail

(Image credit: Google)

BIMI support

As part of Google's rollout of BIMI in Gmail, organizations that authenticate their emails using DMARC (opens in new tab) will be able to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass Google's anti-abuse checks, Gmail will begin displaying an organization's logo in the service's avatar slot so that users know these emails come directly from a company and not from someone impersonating them.

According to Google, BIMI is designed to be easy for organizations with DMARC already in place and once configured, validated logos will be displayed on emails from both their domains (opens in new tab) and subdomains.

Chair of the AuthIndicators Working Group, Seth Blank praised Google's support of BIMI in Gmail, saying:

“Gmail's support of BIMI is a win for email authentication, brand trust, and consumers alike. BIMI gives organizations the opportunity to provide their customers with a more immersive email experience, strengthening email sender authentication across the entire email ecosystem.” 

In order to take advantage of BIMI, Organizations will first need to adopt DMARC before having their logo validated with Verified Mark Certificate (VMC). Gmail users on the other hand won't have to do a thing and they'll soon see company logos alongside their emails once BIMI support rolls out in the coming weeks.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.